feat: parse plugin.properties for tools metadata and make SbomGraphPr…

…ovider package private Signed-off-by: Gordon <[email protected]>
CycloneDX · Nov 13, 2024 · a2c603f · a2c603f
1 parent 5a5596b
commit a2c603f
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 14 deletions.
diff --git a/src/main/java/org/cyclonedx/gradle/CycloneDxPlugin.java b/src/main/java/org/cyclonedx/gradle/CycloneDxPlugin.java
@@ -18,10 +18,8 @@
  */
 package org.cyclonedx.gradle;
 
-import org.cyclonedx.gradle.model.SbomGraph;
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
-import org.gradle.api.provider.Provider;
 
 /**
  * Entrypoint of the plugin which simply configures one task
@@ -31,10 +29,6 @@ public class CycloneDxPlugin implements Plugin<Project> {
     public void apply(final Project project) {
 
         project.getTasks().register("cyclonedxBom", CycloneDxTask.class, (task) -> {
-            final Provider<SbomGraph> components =
-                    project.getProviders().provider(new SbomGraphProvider(project, task));
-
-            task.getComponents().set(components);
             task.setGroup("Reporting");
             task.setDescription("Generates a CycloneDX compliant Software Bill of Materials (SBOM)");
         });

diff --git a/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java b/src/main/java/org/cyclonedx/gradle/CycloneDxTask.java
@@ -32,6 +32,7 @@
 import org.gradle.api.DefaultTask;
 import org.gradle.api.provider.ListProperty;
 import org.gradle.api.provider.Property;
+import org.gradle.api.provider.Provider;
 import org.gradle.api.tasks.Input;
 import org.gradle.api.tasks.Internal;
 import org.gradle.api.tasks.OutputDirectory;
@@ -59,13 +60,16 @@ public abstract class CycloneDxTask extends DefaultTask {
     private final Property<String> projectType;
     private final ListProperty<String> skipProjects;
     private final Property<File> destination;
+    private final Provider<SbomGraph> componentsProvider;
 
     @Nullable private OrganizationalEntity organizationalEntity;
 
     @Nullable private LicenseChoice licenseChoice;
 
     public CycloneDxTask() {
 
+        componentsProvider = getProject().getProviders().provider(new SbomGraphProvider(getProject(), this));
+
         outputName = getProject().getObjects().property(String.class);
         outputName.convention("bom");
 
@@ -228,9 +232,6 @@ public void setSkipProjects(final Collection<String> skipProjects) {
         return licenseChoice;
     }
 
-    @Input
-    public abstract Property<SbomGraph> getComponents();
-
     @OutputDirectory
     public Property<File> getDestination() {
         return destination;
@@ -250,7 +251,7 @@ public void createBom() {
         logParameters();
 
         final SbomBuilder builder = new SbomBuilder(getLogger(), this);
-        final SbomGraph components = getComponents().get();
+        final SbomGraph components = componentsProvider.get();
         final Bom bom = builder.buildBom(components.getGraph(), components.getRootComponent());
 
         getLogger().info(MESSAGE_WRITING_BOM_OUTPUT);

diff --git a/src/main/java/org/cyclonedx/gradle/DependencyGraphTraverser.java b/src/main/java/org/cyclonedx/gradle/DependencyGraphTraverser.java
@@ -57,7 +57,7 @@ class DependencyGraphTraverser {
     private final boolean includeMetaData;
     private final MavenHelper mavenHelper;
 
-    public DependencyGraphTraverser(
+    DependencyGraphTraverser(
             final Logger logger,
             final Map<ComponentIdentifier, File> resolvedArtifacts,
             final MavenProjectLookup mavenLookup,

diff --git a/src/main/java/org/cyclonedx/gradle/SbomBuilder.java b/src/main/java/org/cyclonedx/gradle/SbomBuilder.java
@@ -22,11 +22,13 @@
 import com.networknt.schema.utils.StringUtils;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.TreeSet;
@@ -47,6 +49,7 @@
 import org.cyclonedx.model.LicenseChoice;
 import org.cyclonedx.model.Metadata;
 import org.cyclonedx.model.Property;
+import org.cyclonedx.model.Tool;
 import org.cyclonedx.util.BomUtils;
 import org.gradle.api.logging.Logger;
 
@@ -120,6 +123,15 @@ private Metadata buildMetadata(final SbomComponent parentComponent) {
         metadata.setLicenseChoice(task.getLicenseChoice());
         metadata.setManufacture(task.getOrganizationalEntity());
 
+        final Properties pluginProperties = readPluginProperties();
+        if (!pluginProperties.isEmpty()) {
+            final Tool tool = new Tool();
+            tool.setVendor(pluginProperties.getProperty("vendor"));
+            tool.setName(pluginProperties.getProperty("name"));
+            tool.setVersion(pluginProperties.getProperty("version"));
+            metadata.addTool(tool);
+        }
+
         return metadata;
     }
 
@@ -262,4 +274,19 @@ private TreeMap<String, String> getQualifiers(final String type) {
         qualifiers.put("type", type);
         return qualifiers;
     }
+
+    private Properties readPluginProperties() {
+
+        final Properties props = new Properties();
+        try (final InputStream inputStream = this.getClass().getResourceAsStream("plugin.properties")) {
+            if (inputStream == null) {
+                logger.info("plugin.properties is not found on the classpath");
+            } else {
+                props.load(inputStream);
+            }
+        } catch (Exception e) {
+            logger.warn("Error whilst loading plugin.properties", e);
+        }
+        return props;
+    }
 }
diff --git a/src/main/java/org/cyclonedx/gradle/SbomGraphProvider.java b/src/main/java/org/cyclonedx/gradle/SbomGraphProvider.java
@@ -40,15 +40,15 @@
  * Provider that lazily calculates the aggregated dependency graph. The usage of a provider is essential to support
  * configuration cache and also to ensure that all dependencies have been resolved when the CycloneDxTask is executed.
  */
-public class SbomGraphProvider implements Callable<SbomGraph> {
+class SbomGraphProvider implements Callable<SbomGraph> {
 
     private static final String MESSAGE_RESOLVING_DEPS = "CycloneDX: Resolving Dependencies";
 
     private final Project project;
     private final CycloneDxTask task;
     private final MavenProjectLookup mavenLookup;
 
-    public SbomGraphProvider(final Project project, final CycloneDxTask task) {
+    SbomGraphProvider(final Project project, final CycloneDxTask task) {
         this.project = project;
         this.task = task;
         this.mavenLookup = new MavenProjectLookup(project);

diff --git a/src/test/groovy/org/cyclonedx/gradle/DependencyResolutionSpec.groovy b/src/test/groovy/org/cyclonedx/gradle/DependencyResolutionSpec.groovy
@@ -187,11 +187,12 @@ class DependencyResolutionSpec extends Specification {
         when:
         def result = GradleRunner.create()
             .withProjectDir(testDir)
-            .withArguments("cyclonedxBom", "--configuration-cache")
+            .withArguments("cyclonedxBom", "--configuration-cache", "--info", "--stacktrace")
             .withPluginClasspath()
             .build()
 
         then:
+        println(result.output)
         result.task(":cyclonedxBom").outcome == TaskOutcome.SUCCESS
         File reportDir = new File(testDir, "build/reports")